2157 matches found
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: “pipe: wakeup wrwait after setting maxusage” The commit c73be61cede5 “pipe: Add general notification queue support” introduced a regression that could cause pipes with resized sizes to become locked under certain conditions. See...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: usb: usbtmc: Fixed a bug in the pipe direction for control transfers. The syzbot fuzzer reported a minor bug in the usbtmc driver: usb 5-1: The BOGUS control direction, pipe 80001e80, does not match bRequestType 0. WARNING: CPU: ...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: fuse: We are returning to using readaheadfolio for readahead. In commit 3eab9d7bc2f4 “fuse: converting readahead to use folio”, the logic was changed to use the new folio version of readahead. This removes the reference to the...
Astra Linux – Vulnerability in Linux 5.10
A race condition was detected in the Linux kernel’s watch queue due to a missing lock in the piperesizering function. The specific flaw lies in the handling of pipe buffers. The problem arises from the lack of proper locking when performing operations on an object. This flaw allows a local user t...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: smb/server: The function ksmbdsessionrpcclose is called on the error path in the createsmb2pipe function. When the ksmbdiovpinrsp function fails, we should call ksmbdsessionrpcclose...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Tracing: The memory leak in iter-temp occurred during the reading of tracepipe. kmemleak reports: Unreferenced object: 0xffff88814d14e200 size 256 Details: - Process: “cat”, PID: 336; Jiffies: 4294871818 age: 779.490 seconds - He...
CVE-2026-32134 NanoMQ: NULL Pointer Dereference Crash in tcptran_pipe_peer During Session Restore
NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. In versions 0.24.10 and below, when NanoMQ handles high-concurrency reconnect traffic using a reconnect-collision payload, the broker can crash due to a NULL pointer dereference during MQTT session resumption for cleanstart=0...
CVE-2026-22069
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2026-22069
...
CVE-2026-22069
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2026-22069
...
EUVD-2026-30825
A local privilege escalation vulnerability exists in O+ Connect because it fails to validate the identity of the caller on the pipe interface...
CVE-2026-22069
OPPO O+ Connect contains a local privilege escalation vulnerability due to failure to validate the caller’s identity on the pipe interface. Root cause: improper caller authentication on the inter-process pipe. Affected component: O+ Connect (local privilege escalation). Exploitation details are n...
PT-2026-41813
A local privilege escalation vulnerability exists in O+ Connect because it fails to validate the identity of the caller on the pipe interface...
Botan C++ Crypto Algorithms Library 3.12.0
Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS 10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to...
EUVD-2026-30672
Net::Statsd::Lite versions before 0.9.0 for Perl allowed metric injections. The metric names were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics...
WPS Office improper access restriction to its named pipe
Overview WPS Office provided by WPS SOFTWARE PTE. LTD. contains a service program running background and providing certain functionalities to the other programs. This service program uses a named pipe to communicate with the other programs. The named pipe above is not properly protected and any...
PT-2026-40844
Name of the Vulnerable Software and Affected Versions Argo CD versions prior to 3.2.12 Argo CD versions prior to 3.3.10 Argo CD versions prior to 3.4.2 Description A stored cross-site scripting XSS issue exists in the application Summary tab. A user with application write access developer role ca...
github.com/sirupsen/logrus: github.com/sirupsen/logrus: Denial-of-Service due to large single-line payload
A denial-of-service vulnerability in github.com/sirupsen/logrus occurs when Entry.Writer processes a single-line payload larger than 64KB with no newline characters. Due to a limitation in Go’s internal bufio.Scanner, the read operation fails with a “token too long” error, causing the underlying...
Advisory ROSA-SA-2026-3265
software: kernel-6.12 6.12.74 WASP: ROSA-CHROME unaffected versions = kernel-6.12-6.12.74-9 affected versions kernel-6.12-6.12.74-9 CVE-ID: CVE-2026-43284 BDU-ID: None CVE-Crit: NO DATA CVE-DESC.: A vulnerability in the Linux kernel's xfrm subsystem ESP allows data decryption over non-packet skb...